SSL It! has a default feature that significantly decreases a number of cases when Let’s Encrypt SSL/TLS certificates cannot be issued
because of incompatible domain configurations.
When you get an SSL/TLS certificate from Let’s Encrypt, its servers need to validate that you control the domain names in the certificate.
To do so, Let’s Encrypt uses so-called “challenges”: Let’s Encrypt gives a token file that Plesk places to http://<your_domain>/.well-known/acme-challenge/<token>.
We call this directory the common challenge directory. The certificate issue will fail if this directory is not accessible. It may happen because of the following configurations:
- The directory was protected with a password.
- The website that you want to secure was blocked by the “Deny access to the website” feature.
- Incorrect MIME types, and so on.
When installed, SSL It! ensures that the common challenge directory is supported and accessible even if certain incompatible configurations are detected.
The feature “common challenge directory support” is enabled by default in Plesk for Linux and Windows.
If necessary, you can turn off the feature via the CLI by running the following command:
plesk ext sslit --common-challenge-dir –disable.
However, we recommend that you keep the common challenge directory support on.
If you have updated to SSL It! 1.4.0 from earlier versions, the common challenge directory support will be turned on automatically
unless the use-common-challenge-dir setting was disabled in panel.ini.
If the option was disabled, you need to turn on the support manually by running the following command:
plesk ext sslit --common-challenge-dir –enable.
Starting with SSL It! 1.4.0 the use-common-challenge-dir setting is deprecated.